JAR 16 20296A GRIZZLY STEPPE 2016 1229.pdf


7. Business Continuity: Are we able to sustain business operations without access to
certain systems? For how long? Have we tested this?
8. Penetration Testing: Have we attempted to hack into our own systems to test the
security of our systems and our ability to defend against attacks?
Top Seven Mitigation Strategies
DHS encourages network administrators to implement the recommendations below, which can
prevent as many as 85 percent of targeted cyber-attacks. These strategies are common sense to
many, but DHS continues to see intrusions because organizations fail to use these basic
1. Patch applications and operating systems – Vulnerable applications and operating
systems are the targets of most attacks. Ensuring these are patched with the latest updates
greatly reduces the number of exploitable entry points available to an attacker. Use best
practices when updating software and patches by only downloading updates from
authenticated vendor sites.
2. Application whitelisting – Whitelisting is one of the best security strategies because it
allows only specified programs to run while blocking all others, including malicious
3. Restrict administrative privileges – Threat actors are increasingly focused on gaining
control of legitimate credentials, especially those associated with highly privileged
accounts. Reduce privileges to only those needed for a user’s duties. Separate
administrators into privilege tiers with limited access to other tiers.
4. Network Segmentation and Segregation into Security Zones – Segment networks into
logical enclaves and restrict host-to-host communications paths. This helps protect
sensitive information and critical services and limits damage from network perimeter
5. Input validation – Input validation is a method of sanitizing untrusted input
provided by users of a web application, and may prevent many types of web application
security flaws, such as SQLi, XSS, and command injection.
6. File Reputation – Tune Anti-Virus file reputation systems to the most aggressive setting
possible; some products can limit execution to only the highest reputation files, stopping
a wide range of untrustworthy code from gaining control.
7. Understanding firewalls – When anyone or anything can access your network at any
time, your network is more susceptible to being attacked. Firewalls can be configured to
block data from certain locations (IP whitelisting) or applications while allowing relevant
and necessary data through.
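
Strategy 5 above, shown as an added example that is not part of the DHS report: allowlist validation paired with the control that matches each named flaw (bound parameters for SQLi, output encoding for XSS, an argument vector with no shell for command injection). The table, field names, patterns and the ping command are assumptions chosen for illustration.

```python
import html
import re
import sqlite3

# Assumed allowlist policies for this example; tighten them to your own data model.
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{3,32}")
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")  # cannot start with '-'

def validate_username(raw):
    """Return the username if it matches the allowlist, else raise ValueError."""
    if not isinstance(raw, str) or not USERNAME_RE.fullmatch(raw):
        raise ValueError("username rejected by allowlist")
    return raw

def build_db():
    """Constructed sample data in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def lookup_role(db, raw_username):
    """SQLi: validate first, then bind the value instead of concatenating it."""
    name = validate_username(raw_username)
    row = db.execute("SELECT role FROM users WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None

def render_greeting(raw_display_name):
    """XSS: free text cannot be allowlisted tightly, so encode it on output."""
    return "<p>Hello, " + html.escape(raw_display_name, quote=True) + "</p>"

def ping_argv(raw_host):
    """Command injection: return an argv list so no shell ever parses the input."""
    if not isinstance(raw_host, str) or not HOST_RE.fullmatch(raw_host):
        raise ValueError("host rejected by allowlist")
    return ["ping", "-c", "1", raw_host]

if __name__ == "__main__":
    db = build_db()
    print(lookup_role(db, "alice"))
    print(render_greeting("<b>Bob</b>"))
    print(ping_argv("example.com"))
```

The list returned by `ping_argv` is meant to be passed to `subprocess.run` without `shell=True`, so metacharacters in the input are never interpreted.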
